Dual boot on Bitlocker

Hello experts,

I need to achieve the following configuration: I have 2 drives in a laptop, Windows 8.1 is installed on C: and both drives are 1 partitions which means C: is a SSD and D: is a SSD.

Both are bitlocked.

I need to be able to install Windows server 2012 r2 on C:\ as well and to host the labs on the bitlocked D: (which was bitlocked by Windows 8.1)

How to achieve this?
LVL 3
infernumAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
Let me describe how I setup bitlocker dual booting on on disk with 2x win8.1, maybe it helps you advance with your two disks, too:

I used a hyper-v machine, so no TPM is available and the Policy "Require additional authentication at Startup" needs to be activated

add a hard drive with 40 GB, boot setup, create a 20 GB partition, install win8.1 pro/enterprise
boot setup again, install a second win8.1 into another 20 GB partition.
boot one of those, encrypt it, reboot
when starting, select the OS you just encrypted and confirm that your password works, then restart
boot the other OS by selecting F11 at the Bitlocker prompt, encrypt it using a different password of course, reboot.
Done, both are bootable, one is the default option, the other is reachable via F11, Bitlocker works for both without any issues!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lee W, MVPTechnology and Business Process AdvisorCommented:
Question - why dual boot?  Why not create a VM and run 2012 R2 in a Client Hyper-V VM?
0
infernumAuthor Commented:
Because I need to host a Hyper-V Server and do a cluster/ live migration/ scvmm lab with 2 hyper-v hosts.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

McKnifeCommented:
You have 2012 as the hyper-v host. And on the bitlocked drive d: of that host you would like to place the virtual machine container files for two guest OS'? Is that right? Then it cannot be called dual booting, even if you start those 2 guest machines simultaneously. Please clarify.
0
infernumAuthor Commented:
I only have Windows 8.1 on C:\ which is encrypted using Bitlocker. Also per policy (company) I had to encrypt D:\ which is planned to host the VMs AND the Windows 2012 r2 installation if possible, of not possible, I can install the Windows 2012 r2 on C:\ I dont have a problem with that.

I can decrypt D:\ temporarily till I finish my installation.
0
McKnifeCommented:
You need to be aware of some limitations. You cannot install two OS' on the same partition - that's impossible.
Neither can you install an OS to an already encrypted d:.
If you decide to decrypt d: and install an OS there, you can run that OS as second OS. If you encrypt d: afterwards (which means, you boot that OS you just installed and have it encrypt itself), you will still be able to run it and also, you will be able to mount that partition from your second installation. And of course, you can still install hyper-V on it and place machines inside.

But what looks much more like a plan is to install the server as sole host OS and all others as guests - still, the whole drive could be encrypted. Why not?

Please remember: for security reasons, no bootable OS should be accessible offline, ALL should be encrypted, not just d:
0
infernumAuthor Commented:
So if I decrypt D:\ then install Windows Server 2012 r2 and then encrypt it from Windows Server 2012 r2 I can dual boot from C:\ and D:\ ? while C:\ is still encrypted using its own bitlocker? wont that cause problems using bcedit?
0
McKnifeCommented:
You might have missed my first comment. I described a 2 partition dual boot Bitlocker setup in detail. And it is no difference if both are win8.1 or one is 8.1, while the other is 2012 R2.
0
infernumAuthor Commented:
It wont be dual partition. The D:\ is another physical SSD, will this cause a difference?
0
McKnifeCommented:
No, it won't.
But still, you haven't addressed the question "why not one hypervisor and all the rest as guests?"
0
infernumAuthor Commented:
Because the Win 8.1 I use is my workspace. I need another installation for the fully fledged hyper-v to do my lab.
0
McKnifeCommented:
I see.
0
infernumAuthor Commented:
Thanks McKnife, I will do that and let you know what happens, just to confirm, if I decrypt D:\ , install windows on it and then re-encrypt withing its own OS (Windows Server 2012 R2) I will have Dual boot automatically? Im just confused on how will it place the bootloader?
0
McKnifeCommented:
I did the same basically, although the order wasn't
install 1st OS - encrypt - install 2nd - encr.
but rather
install 1st OS, install 2nd OS, encr 1st, encr. 2nd
But I don't see why it shouldn't work. Just try - I guess you are smart enough to have an image backup anyway + the recovery keys to BL.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.